CVE-2018-25233
Buffer Overflow in WebDrive 18 Causes Local DoS Crash
Publication date: 2026-03-30
Last updated on: 2026-04-08
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| southrivertech | webdrive | 18.00.5057 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-233 | The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25233 is a denial of service vulnerability in WebDrive version 18.00.5057 and earlier. It occurs during the Secure WebDAV connection setup when the application improperly handles the username parameter. A local attacker can supply an excessively long string, specifically a buffer-overflow payload of 5000 bytes, in the username field. When the connection test is triggered with this input, the application crashes, causing a denial of service.
How can this vulnerability impact me?
This vulnerability can cause the WebDrive application to crash, resulting in a denial of service. Since the crash is triggered by a local attacker supplying a specially crafted username string during Secure WebDAV connection setup, it can disrupt normal operations and availability of the application. The impact is specifically on availability, with no direct compromise of confidentiality or integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition in a controlled environment. Specifically, it involves supplying an excessively long string of 5000 characters in the username field during the Secure WebDAV connection setup in WebDrive 18.00.5057.
- Generate a string of 5000 'A' characters (e.g., using a Python script).
- Copy the generated string to the clipboard.
- Open WebDrive and create a new Secure WebDAV connection.
- Paste the long string into the Username field.
- Click 'Test Connection' to trigger the vulnerability and observe if the application crashes.
No specific network commands or automated detection tools are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of excessively long strings in the username field during Secure WebDAV connection setup in WebDrive 18.00.5057.
Since the vulnerability is triggered by local input, restricting access to the application to trusted users and environments can reduce risk.
Monitor for application crashes related to Secure WebDAV connections and avoid testing connections with untrusted or malformed input.
Check for updates or patches from the vendor WebDrive (https://webdrive.com) that address this vulnerability and apply them as soon as they become available.
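The following PowerShell is an added example, not part of the advisory or vendor guidance: it lists installed WebDrive builds at or below 18.00.5057 and recent Application Error (event ID 1000) crash records that mention the product. The `*WebDrive*` display-name pattern, the `webdrive` message match and the 30-day window are assumptions.

```powershell
# Added example: inventory and crash-monitoring check for CVE-2018-25233.
# Assumptions (not from the advisory): the product's DisplayName in the
# uninstall registry contains "WebDrive", and crash events mention "webdrive".
$AffectedMax  = [version]'18.00.5057'   # version named on this page
$NamePattern  = '*WebDrive*'            # assumed display-name pattern
$LookbackDays = 30                      # assumed review window

# 1. Find installed copies at or below the affected version.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion }

foreach ($app in $installed) {
    $parsed = $null
    if ([version]::TryParse($app.DisplayVersion, [ref]$parsed)) {
        $status = if ($parsed -le $AffectedMax) { 'AFFECTED' } else { 'newer than affected build' }
    } else {
        $status = 'version not parseable, check manually'
    }
    [pscustomobject]@{
        Name = $app.DisplayName; Version = $app.DisplayVersion; Status = $status
    }
}

# 2. List recent application-crash events that reference the product.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'webdrive' } |
    Select-Object TimeCreated, MachineName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
```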
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2018-25233 is a denial of service vulnerability that allows local attackers to crash the WebDrive application by supplying an excessively long string in the username field during Secure WebDAV connection setup.
While the vulnerability impacts availability by causing application crashes, there is no direct information provided about its effects on compliance with common standards and regulations such as GDPR or HIPAA.
However, WebDrive as a product includes enterprise logging with audit-ready visibility to track file activity, supporting compliance and security monitoring, which may help mitigate compliance risks in general.
Since this vulnerability affects availability but does not impact confidentiality or integrity, its compliance impact would primarily relate to availability requirements in standards, but no explicit linkage or assessment is provided.